This website is not affiliated with, sponsored by, or approved by SAP AG.

auth/no_check_in_some_cases

SAP Security

Moderators: Snowy, thx4allthefish, jurjen

auth/no_check_in_some_cases

Postby heidicloetens » Tue Oct 25, 2011 12:48 am

Hi,

At my current client, the authorizations tab is not visible in PFCG in both the Q and P environment.
Could this have something to do with he auth/no_check_in_some_cases parameter being set to N.
In the dev system, the authorizations tab is visible and there the parameter is set to Y.

Also in Q and P, the User comparison button is not available.
And even when going to Goto, the User comparison option is greyed out.

Any insight in what may cause this is welcome.

Heidi
heidicloetens
 
Posts: 1
Joined: Tue Oct 25, 2011 12:30 am

Re: auth/no_check_in_some_cases

Postby henrik » Thu Oct 27, 2011 5:11 pm

That is the exact reason.
You need to have it active across the entire landscape.

/henrik
www.turnkeyconsulting.com.au
henrik
 
Posts: 493
Joined: Wed Oct 23, 2002 6:38 am
Location: London, UK

Re: auth/no_check_in_some_cases

Postby os » Sat Oct 29, 2011 12:25 pm

Unfortunately some auditors are going around requesting this, because it sounds good to them.

In reality it creates a huge mess...
os
 
Posts: 469
Joined: Wed Dec 21, 2005 10:51 am

Re: auth/no_check_in_some_cases

Postby jurjen » Sun Oct 30, 2011 4:17 am

os wrote:Unfortunately some auditors are going around requesting this, because it sounds good to them.

In reality it creates a huge mess...


Maybe we can gather some proper evidence here to prove them wrong? I haven't met this issue yet but maybe some of us have already experienced problems coming form this request.
jurjen
 
Posts: 298
Joined: Wed May 17, 2006 8:17 am
Location: The Netherlands

Re: auth/no_check_in_some_cases

Postby henrik » Sun Oct 30, 2011 2:22 pm

I have seen this happen, based on a request from an auditor. Basically the profile generator becomes de-activated, and that in itself makes trouble shooting quite tricky. You can't see if the profile for the role has been generated - an issue often seen with derived roles. You can't look at the role to check values. You can't check the user assignment. We had to very quickly reverse the change!
www.turnkeyconsulting.com.au
henrik
 
Posts: 493
Joined: Wed Oct 23, 2002 6:38 am
Location: London, UK

Re: auth/no_check_in_some_cases

Postby os » Thu Nov 03, 2011 12:10 pm

Most important is that all "no check" indicators in SU24 come to life if production, but you cannot maintain proposals for them in development.

Apples vs Pears (as far as testing is concerned...)
os
 
Posts: 469
Joined: Wed Dec 21, 2005 10:51 am


Return to SAP Security

Who is online

Users browsing this forum: No registered users and 4 guests





loading...


This website is not affiliated with, sponsored by, or approved by SAP AG.